I'm using GSSAPI in Java in order to login to an LDAP server using Kerberos authentication. I'm a newbie to Kerberos, so I'm sorry if this is an obvious question, but I couldn't find anything clear enough on the internet.
I perform the following steps:
"java.security.auth.login.config"
to the configuration file path.LoginContext.login()
with the name of the configuration and a self defined callback handlerSubject.doAs()
), and connect to the LDAP server by creating a new InitialLDAPContext
with the appropriate environment variables.Now, My problem is I don't understand which step correlates to which kerberos action? Is it correct to say that after the login action I only have a TGT? When do I get the service specific ticket?
Thanks, Dikla
The class com.sun.security.auth.module.Krb5LoginModule is Sun's implementation of a login module for the Kerberos version 5 protocol. Upon successful authentication the Ticket Granting Ticket (TGT) is stored in the Subject's private credentials set and the Kerberos principal is stored in the Subject's principal set.
(Taken from here)
This means that LoginContext.login
is indeed equal to kinit
in that after each of them, we have a TGT.
The service ticket will be obtained and used later - according to the action performed in Subject.doAs()
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With